[unisog] Access control in wireless and other plublic access networks

Peter Van Epp vanepp at sfu.ca
Mon Oct 21 23:10:58 GMT 2002


	Well, I'd advise not following up on Nokia but that said we are using
the Vernier for both wireless and wired access control (wired is a little
exciting because the user has to remember to log out or we have to boot them
off, since the lack of carrier change on wired stations in a lab environment
where we provide the terminals won't auto logoff). The dropin labs (which we
also have, a 10/100 socket and a power plug) of course work OK in that the 
MAC address goes away and gets auto logged off. There are a couple of other
boxes similar to Vernier floating around now (I expect someone else will 
chime in with them :-)), but I'd certainly recommend Vernier, support has 
been good when we had problems (it was beta code and a real obscure problem
with IRC, so it of course showed up here lots and never anywhere else :-)) so
I know they can fix the tough ones when they hit them and by and large there 
haven't been problems, it just sits there and works. 
	One nice feature of the Vernier is that if the client is misconfigured 
the Vernier will NAT it and it will still run fine (and of course log what it 
has done so that the appropriate whack can be applied if needed :-)). That 
feature alone is going to be valuable in teaching spaces to allow faculty to 
bring in the machine (laptop or otherwise) from their office, plug it in and 
have it work without any configuration change required from the fixed IP that 
works in their office. The NATing is invisible to them (unless of course there 
are IP based access controls on the remote end that will object to the NAT 
address that they are trying to connect from which may cause a few puzzled 
calls of "but it worked in my office and I didn't change anything" :-)).

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada

> 
> Hi All,
> 	We are a looking for access control methods for large new project that
> will see both wireless LANs and publicly accessible network sockets in a
> large study area.  I have followed this list since its inception so I
> have seen the previous discussions on securing wireless LANs and I am
> following up several leads including Vernier and Nokia.
> 
> The problem of securing publicly accessible network ports strikes me as
> being very similar to that of controlling access on a wireless network.
> 
> My question is "Is anyone using the same systems to secure both wireless
> and physical ports?".
> 
> Having one mechanism for both has obvious attractions.
> 
> I'd also like to know of any 'new' products that I might miss by
> concentrating my research on the list archives.
> 
> Cheers and thanks,
> 
> Russell
> 
> -- 
> Russell Fulton, Computer and Network Security Officer
> The University of Auckland,  New Zealand
> 
> "It aint necessarily so"  - Gershwin
> 
> 



More information about the unisog mailing list